Another scenario:
The vulnerability was already known to the bad guys, and the software already developed, waiting for a prime time to use it.
Then when everyone and his dog learned of it via the dump, the attack was speedily deployed or auctioned to someone eager to use it, to get some value out of it before the hole was patched.
What? You don't think the smarter ones keep a warchest of exploits to use for special cases? We already know the spooks do.